WinDbg evaluate ebp+12

Time:09-05

I am trying to understand how the stack pointer and base pointer work, and because most teaching material is not combined with practical examples, I am trying to reproduce this: https://en.wikibooks.org/wiki/X86_Disassembly/Functions_and_Stack_Frames

The following very simple code is by me:

#include <stdio.h>

int function1(int a, int b);   /* prototype so main() can call it before its definition */

int main()
{
    function1(1, 2);
    return 0;
}

int function1(int a, int b)
{
    int c = a + b;   /* c lands in the local-variable area below ebp */
    return c;
}

I use WinDbg to execute the program, set the breakpoint bm CallStackPractice!function1, type g to hit the breakpoint and p to step into the function.

With ebp+8 we should get the first parameter. I did that in WinDbg:

0:000> ? poi(ebp+8)
Evaluate expression: 1 = 00000001

Good. Now we want our second parameter, which should be at ebp+12.

0:000> ? poi(ebp+12)
Evaluate expression: 270729434 = 102300da

We don't get 2 = 00000002. I opened the memory window in WinDbg and it shows me the correct value but why does my command not work?

Thank you!

UPDATE: For better understanding, here is a screenshot: [windbg screenshot]

CodePudding user response:

That's a common mistake. 12 means 0x12 by default.

If you want a decimal number 12, use 0n12 or 0xC or change the default number format using n 10 (I don't know anyone who does that, actually).

0:000> ? 12
Evaluate expression: 18 = 00000000`00000012
0:000> n 10
base is 10
0:000> ? 12
Evaluate expression: 12 = 00000000`0000000c

Back at base 16:

1:005:x86> n 16
base is 16
1:005:x86> ? poi(ebp+8)
Evaluate expression: 1 = 00000001
1:005:x86> ? poi(ebp+c)
Evaluate expression: 2 = 00000002

If you get weird errors like

1:005:x86> ?poi(ebp+c)
Memory access error at ')'

that's because you're still at base 10.

You might also want to take a look at the stack with dps like so:

1:005:x86> dps ebp-c L7
008ff60c  cccccccc       <-- magic number (4x INT 3 breakpoint)
008ff610  00000003        
008ff614  cccccccc
008ff618  008ff6f4
008ff61c  00fb189a DebugESPEBP!main+0x2a [C:\...\DebugESPEBP.cpp @ 13]
008ff620  00000001        <-- a
008ff624  00000002        <-- b

As you see, dps will give you the return address as a symbol with line number. And you'll see that the memory layout in debug mode contains magic numbers helpful for debugging.
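As an added illustration, not part of the original answer: a small Python model of how WinDbg's evaluator reads the number in poi(ebp+N) under the default radix versus an explicit 0n/0x prefix, run against a constructed frame that mirrors the dps listing above. The frame contents, the two extra caller DWORDs past b, and the helper names are assumptions.

```python
import re
import struct

# WinDbg (MASM syntax) literal rules: a bare number is read in the current
# default radix (16 unless changed with "n"); an explicit prefix overrides it.
PREFIXES = {"0x": 16, "0n": 10, "0t": 8, "0y": 2}

def parse_number(token, radix=16):
    """Interpret a numeric token the way WinDbg's '?' command does."""
    for prefix, base in PREFIXES.items():
        if token.lower().startswith(prefix):
            return int(token[2:], base)
    return int(token, radix)

def eval_offset(expr, radix=16):
    """Turn 'ebp+N' / 'ebp-N' into a signed byte offset from ebp."""
    m = re.fullmatch(r"\s*ebp\s*([+-])\s*(\w+)\s*", expr)
    if not m:
        raise ValueError(f"unsupported expression: {expr!r}")
    sign, tok = m.groups()
    off = parse_number(tok, radix)
    return off if sign == "+" else -off

# Constructed little-endian frame modelled on the dps listing in the answer:
# [ebp-8]=c=3, [ebp-4]=0xcccccccc guard, [ebp]=saved ebp, [ebp+4]=return
# address, [ebp+8]=a=1, [ebp+0xc]=b=2, then two made-up caller DWORDs.
EBP = 0x008FF618
FRAME_BASE = EBP - 8
FRAME = struct.pack("<8I", 0x3, 0xCCCCCCCC, 0x008FF6F4, 0x00FB189A,
                    0x1, 0x2, 0x00DA0000, 0x00001023)

class MemoryAccessError(Exception):
    pass

def poi(addr):
    """Read one DWORD at addr; x86 allows unaligned reads, so this does too."""
    start = addr - FRAME_BASE
    if start < 0 or start + 4 > len(FRAME):
        raise MemoryAccessError(f"Memory access error at {addr:#010x}")
    return struct.unpack_from("<I", FRAME, start)[0]

def evaluate(expr, radix=16):
    """Emulate '? poi(<expr>)' under the given default radix."""
    return poi(EBP + eval_offset(expr, radix))

if __name__ == "__main__":
    for expr, radix in [("ebp+8", 16), ("ebp+12", 16), ("ebp+12", 10),
                        ("ebp+0n12", 16), ("ebp+c", 16)]:
        print(f"n {radix}: ? poi({expr}) -> {evaluate(expr, radix):#010x}")
```

Under the default radix, ebp+12 is ebp+0x12, an unaligned read straddling the DWORDs past b, which is why a value like 0x102300da comes back instead of 2.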
